cleantalk
Vulnerabilities and Security Researches

Tutor LMS – eLearning and online course solution, e9d4939eaa9f0e95fdfd31a9d36a40b647374556

CVE, Research URL

e9d4939eaa9f0e95fdfd31a9d36a40b647374556

Home page URL

Security reports for Tutor LMS – eLearning and online course solution

Application

Tutor LMS – eLearning and online course solution

Published on
Aug 22, 2022
Research Description
Tutor LMS &#8211; eLearning and online course solution [tutor] < 2.0.9 Tutor LMS – eLearning and online course solution 2.0.0-2.0.8 - Reflected Cross-Site Scripting The Tutor LMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions 2.0.0-2.0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Affected versions
max 2.0.9.
Status
vulnerable
Previous vulnerability researches
Tutor LMS BunnyNet Integration (CVE-2026-24584) , Jan 28, 2026
Tutor LMS &#8211; Migration Tool (CVE-2024-1804) , Jul 28, 2024
Tutor LMS &#8211; Migration Tool (CVE-2024-1798) , Jul 28, 2024
Tutor LMS Elementor Addons (CVE-2024-5576) , Aug 21, 2024
Tutor LMS Elementor Addons (CVE-2024-53816) , Dec 11, 2024
New vulnerability
Orbit Fox by ThemeIsle (CVE-2026-11358) , Jun 19, 2026
Dokan &#8211; Best WooCommerce Multivendor Marketplace Solution &#8211; Build Your Own Amazon, eBay, Etsy (CVE-2026-10023) , Jun 19, 2026
Services Section block &#8211; Showcase services in a professional way. (CVE-2026-11402) , Jun 19, 2026
Cornerstone (CVE-2026-54185) , Jun 19, 2026
PowerPress Podcasting plugin by Blubrry (CVE-2026-12098) , Jun 19, 2026